Tool
TriOp update - version 1.5
· ☕ 1 min read
I’ve published version 1.5 of TriOp today. Besides the addition of several CVEs into the internal list of vulnerabilities, a new feature was also introduced, which enables automatic generation of Shodan queries for the current list of vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) Catalog...

TriOp update - version 1.4 (and Shodan Trends)
· ☕ 1 min read
I’ve published version 1.4 of TriOp today. The only change in this version is the addition of CVE-2021-31206 (vulnerability used in the ProxyShell attack) to the relevant search list. One additional point that deserves a mention is that Shodan has recently opened access to a new service called Shodan Trends...

TriOp update - version 1.3
· ☕ 1 min read
I’ve published version 1.3 of TriOp today. The only change in this version is the addition of vulnerabilities used in the ProxyShell attack (CVE-2021-31207, CVE-2021-34473 and CVE-2021-34523) to the relevant search list...

TriOp update - version 1.2
· ☕ 1 min read
I’ve published version 1.2 of TriOp today. A bug was present in the 'add' mode in version 1.1, which resulted in incorrect behavior when parameterized queries were present in search files, and this update fixes it...

TriOp update - version 1.1
· ☕ 2 min read
I’ve published version 1.1 of TriOp today. I’ve added CVEs for the recent Exchange vulnerabilities to the vulnerability search list, since Shodan is now capable of detecting systems affected by them. In response to a request from the CSIRT community, I’ve also added the option for use of arbitrary filter along with a list of parameters...

TriOp - Tool for quickly gathering statistical information from Shodan.io
· ☕ 2 min read
TriOp is a tool for quickly gathering information from Shodan.io about the number of IPs which satisfy large number of different queries. Generally, it may be useful to security researchers who wish to use data gathered from Shodan over time as a part of their research (e.g. to show how number of systems exposing remote access protocols to the internet changed as a reaction to new movement restrictions connected to the Covid-19 pandemic) and to CSIRTs, especially national ones, that wish to monitor their constituencies for changes and/or vulnerabilities, but lack the technical tooling that would enable them to periodically scan all of their external IP ranges.